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TI System, method and article of manufacture for a modular gateway- 

server architecture 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 
. Secure transmission of data is provided from a customer computer 
system to a merchant computer system, and for the further secure 
transmission of payment information regarding a payment instrument from 
the merchant computer system to' a payment gateway computer system. The 
payment gateway system evaluates the payment information and returns a 
level of authorization of credit via a secure transmission to the 
merchant which is communicated to the customer by the merchant. The 
merchant can then determine whether to accept the payment instrument 
tendered or deny credit and require another payment instrument. An 
architecture that provides support for additional message types that 

are 

value-added extensions to the SET protocol is provided by a preferred 
embodiment of the invention. A server communicating 
bidirectionally with a gateway is disclosed. The server 

communicates to the gateway over a first communication link, over which 
all service requests are initiated by the server. The gateway 
uses a second communication link to send service signals to the 
server. In response to the service signals, the server 

initiates transactions to the gateway. or presents information on an a 
display device. 
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TI System, method and article of manufacture for secure digital 

certification of electronic commerce 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 

Secure transmission of data is provided from a party in communication 
with a first application resident on a first computer which is in 
communication with a second computer with a certification authority 
application resident thereon. The second computer is in communication 
with a third computer utilizing an administrative function resident 
thereon. The first, second and third computers are connected by a 
network, such as the Internet. A name-value pair for 
certification processing is created on said first computer and 
transmitted to an administrative function on the third computer. Then, 
the name-value pair is routed to the appropriate certification 

authority 

on the second computer. The administrative function also transmits 

other 

certification information from said administrative function to said 
certification authority on the second computer. Until, finally, a 
certificate is created comprising the name-value pair and the other 
certification information on the second computer. The certificate is 
utilized for authenticating identity of the party. 
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TI Internet-based system for enabling information-related 

transactions over the internet using Java-enabled 
internet terminals provided with bar code symbol readers for 



AB A novel transacti'J^^Bnabling system is disclosed, vJ^Hfein a 

transaction-enabling Java-Applet is embedded within ~z-D bar code 
symbol . 

An HTML-encoded document and code associated with the 
transaction-enabling Java-Applet is created and stored in an HTTP 
server for use in enabling a predetermined information-related 

transaction. When a bar code symbol encoded with a transaction-enabling 
Java-Applet is read using a bar code symbol reader interfaced with a 
Java-enabled Internet terminal, the corresponding code is 
automatically accessed and the HTML-encoded document is displayed at 

the 

terminal, and the transaction-enabling Java-Applet initiated for 
execution so that the customer, consumer or client desiring 
the transaction can simply and conveniently conduct the 
information-related transaction over the Internet. 
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TI System, method and article of manufacture for conditionally accepting a 

payment method utilizing an extensible, flexible architecture 

AB An architecture that provides a server that communicates 

bidirectionally with a gateway over a first communication link, over 
which service requests flow to the server for one or more 
merchants and/or consumers is disclosed. Service requests are 

associated 

with a particular merchant based on storefront visited by a consumer or 
credentials presented by a merchant. Service requests result in 
merchant 

specific transactions that are transmitted to the gateway for further 
processing on existing host applications . - By presenting the appropriate 
credentials, the merchant could utilize any other computer attached to 
the Internet utilizing a SSL or SET protocol to query the vPOS 
system remotely and obtain capture information, payment administration 
information, inventory control information, audit information and 
process customer satisfaction information. 
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TI System, method and article of manufacture for handling transaction 

results in a gateway payment architecture utilizing a multichannel, 
extensible, flexible architecture 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 
. Secure transmission of data is provided from a customer computer 
system to a merchant computer system, and for the further secure 
transmission of payment information regarding a payment instrument from 
the merchant computer system to a payment gateway computer system. The 
payment gateway system evaluates the payment information and returns a 
level of authorization of credit via a secure transmission to the 
merchant which is communicated to the customer by the merchant. The 
merchant can then determine whether to accept the payment instrument 
tendered or deny credit and require another payment instrument. An 
architecture that provides support for additional message types that 

are 

not SET compliant is provided by a preferred embodiment of the 

invention. A server communicating bidirectionally with a 

gateway is disclosed. The server communicates to the gateway 

over a first communication link, over which all service requests are 

initiated by the server. The gateway uses a second 

communication link to send service signals to the server. In 

response to the service signals, the server initiates 

transactions to the gateway or presents information on an a display 

device . 
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TI System, method and article of manufacture for a payment gateway system 

architecture for processing encrypted payment transactions utilizing a 
multichannel, extensible, flexible architecture 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 
. Secure transmission of data is provided from a .customer computer 
system to a merchant computer system, and for the further secure 
transmission of payment information from the merchant computer system 



to 



the 



a payment gateway computer system. The payment gateway system receives 
encrypted payment requests from merchants, as HTTP POST messages via 



Internet. The gateway then unwraps and decrypts the requests, 

authenticates digital signatures of the requests based on certificates, 
supports transaction types and card types as required by a financial 
institution, and accepts concurrent VPOS transactions from each of the 
merchant servers. Then, the gateway converts transaction data 
to host-specific formats and forwards the mapped requests to the host 
processor using the existing financial network. The gateway 
architecture 

includes three distinct sections to enhance distribution of the 
functions. The upper API consists of concise functions which are 
available via a call out interface to custom modules. The lower API 
allows the gateway and the custom modules to call in to reusable 
functions which facilitate isolation from possible future fluctuations 
in structural definitions of SET data elements. The system 
configuration 

custom parameters include the more static information elements required 
for such things as the network address of the host or its proxy 
equipment, timeout values, expected length of certain messages and 



other 



system configuration information. These parameters are specified as 
name-value pairs in the gateway system initialization file. 
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TI System, method and article of manufacture for processing a plurality of 

transactions from a single initiation point on a multichannel, 
extensible, flexible architecture 

AB An architecture for processing a plurality of transactions from a 

single 

point of initiation is disclosed. The initiating computer selects a 
terminal identification token, and associates the token with a 
transaction request, thereby ensuring the association of the 
transaction 

with a unique terminal identification despite being originated by the 
same terminal. The tokens are obtained from a token table, which 
contains a row for each token defined to the system. The table includes 
a column for the token, a column that identifies a system with which 



the 



set 



token may be used, and a column that identifies a date and time field 
indicating when a particular token was selected for use. A null value 

the date-time field indicates that the token for that row is not in 

A query operation selects a token with a null date-time value, and a 

operation sets the date-time value to the then-current time to mark it 
in use. At the conclusion of the transaction, a set operation sets the 
date-time value to null, enabling the token to be reused for another 
non-concurrent transaction. 
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TI System, method anc^^Bticle of manufacture for a gati^My system 

architecture with System administration information 'accessible from a 
browser 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 
. Secure transmission of data is provided from a customer computer 
system to a merchant computer system, and for the further secure 
transmission of payment information from the merchant computer system 



a payment gateway computer system. The payment gateway system receives 
encrypted payment requests from merchants, as HTTP POST messages via 

Internet. The gateway then unwraps and decrypts the requests, 

authenticates digital signatures of the requests based on certificates, 

supports transaction types and card types as required by a financial 

institution, and accepts concurrent VPOS transactions from each of the 

merchant servers. Then, the gateway converts transaction data 

to host-specific formats and forwards the mapped requests to the host 

processor using the existing financial network. The gateway system 

architecture includes support for standard Internet access 

routines which facilitate access to system administration information 

from a commercial web browser. 
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TI Method and apparatus for enabling a web server to 

impersonate a user of a distributed file system to obtain secure access 
to supported web documents 

AB A method of enabling a Web server to impersonate a 

Web client to thereby obtain access to files stored in 

a distributed file system of a distributed computing environment. The 
distributed computing environment includes a security service for 
returning a credential to a user authenticated to access the 

distributed 

file system. In response to receipt of a transaction request from the 
Web client, a determination is made whether the 

transaction request has originated from a user authenticated to access 
the distributed file system. If so, the Web server 

is controlled to reuse the credential of the user across multiple file 
accesses in the distributed file system on behalf of the Web 
client . 
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TI Collaborative internet data mining systems 

AB A collaborative Internet data mining system for facilitating a 

group effort from a plurality of guides to the Internet, by 
automatically processing the information provided by the guides and 
thereby create a branded or uniform look and feel to the web 
sites supported by the plurality of guides. 
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TI Open network system for I/O operations with non-standard I/O devices 

utilizing extended protocol including device identifier and identifier 

for operation to be performed with device 
AB An open network system for supporting input/output (I/O) operations for 

non-standard I/O devices are disclosed. The system includes a 
server coupled to a plurality of I/O devices through an open 

network and an extended open system protocol that supports 
communication 

with devices that are not personal computers (PCs) . These devices 
include magnetic stripe readers, check readers, smart card readers, 
credit card terminals, screen phone terminals, PIN pads, printers, and 



the like. The exteaj^d open network protocol includja^tags which 
identify device ar^Bnput operations and attributes^Bich identify the 
location, data excfflmge method, and data variable names for the 
retrieval, acquisition, and submission of data between the 
server and I/O devices. Preferably, the open network protocol is 

implemented in a Hyper Text Transport Protocol (HTTP) . Preferably, the 
system includes a common gateway interface (CGI) at the server 
which converts protocol statements communicated between the 
server and I/O devices to application language statements for 
providing data to an application program coupled to the server 
. Most preferably, the application statements and protocol statements 
are constructed in integrated statements with an editor. The editor 
ensures that data identifiers in the application and protocol 
statements 

are compatible. The integrated statements are then parsed by the editor 
to segregate the protocol statements from the application statements. 
The protocol statements are downloaded in a file to a 
client program at an I/O device for processing. The application 

statements are stored in a file for use by the application. In this 
manner, generation of the files for client and application 
processing are automatically done without the user ensuring the 
correlation of the data fields in the two files. 
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TI Editor for developing statements to support i/o operation on open 

network using segregator for segregating protocol statements from 
application statements upon verification of correspondence 

AB An open network system for supporting input/output (I/O) operations for 

non-standard I/O devices are disclosed. The system includes a 
server coupled to a plurality of I/O devices through an open 
network and an extended open system protocol that supports 

communication 

with devices that are not personal computers (PCs). These devices 
include magnetic stripe readers, check readers, smart card readers, 
credit card terminals, screen phone terminals, PIN pads, printers, and 
the like. The extended open network protocol includes tags which 
identify device and input operations and attributes which identify the 
location, data exchange method, and data variable names for the 
retrieval, acquisition, and submission of data between the 

server and I/O devices. Preferably, the open network protocol is 

implemented in a Hyper Text Transport Protocol (HTTP) . Preferably, the 
system includes a common gateway interface (CGI) at the server 
which converts protocol statements communicated between the 

server and I/O devices to application language statements for 
providing data to an application program coupled to the server 
. Most preferably, the application statements and protocol statements 
are constructed in integrated statements with an editor. The editor 
ensures that data identifiers in the application and protocol 
statements 

are compatible. The integrated statements are then parsed by the editor 
to segregate the protocol statements from the application statements. 
The protocol statements are downloaded in a file to a 
client program at an I/O device for processing. The application 

statements are stored in a file for use by the application. In this 
manner, generation of the files for client and application 
processing are automatically done without the user ensuring the 
correlation of the data fields in the two files. 
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TI System, method and article of manufacture for remote virtual point of 

sale processing utilizing a multichannel, extensible, flexible 
architecture 

AB An architecture that provides a server that communicates 



bidirectionally wiJ^a client over a first communicj|^on link, 
over which servicf^^Pquests flow to the server for or more 

merchants and/or consumers is disclosed. Service requests are 
associated 

with a particular merchant based on storefront visited by a consumer or 
credentials presented by a merchant. Service requests result in 
merchant 

specific transactions that are transmitted to the gateway for further 
processing on existing host applications. By presenting the appropriate 
credentials, the merchant could utilize any other computer attached to 
the Internet utilizing a SSL or SET protocol to query the 
server remotely and obtain capture information, payment 

administration information, inventory control information, audit 
information and process customer satisfaction information. 
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Distributed file system web server user 
authentication with cookies 

A method of authenticating a Web client to a 
Web server connectable to a distributed file system of 

a distributed computing environment. The distributed computing 
environment includes a security service for returning a credential to a 
user authenticated to access the distributed file system. In response 

receipt by the Web server of a user id and password 
from the Web client, a login protocol is executed 
with the security service. If the user can be authenticated, a 
credential is stored in a database of credentials associated with 
authenticated users. The Web server then returns to 
the Web client a persistent client state 

object having a unique identifier therein. This object, sometimes 
referred to as a cookie, is then used to enable the Web 
client to browse Web documents in the distributed file 
system. In particular, when the Web client desires 
to make a subsequest request to the distributed file system, the 
persistent client state object including the identifier is 
used in lieu of the user's id and password, which makes the session 

more secure. In this operation, the cookie identifier is used as a 
pointer into the credential storage table, and the credential is then 
retrieved and used to facilitate multiple file accessess from the 
distributed file system. At the same time, the Web 
client may obtain access to Web server (as 

opposed to distributed file system) documents via conventional user id 
and password in an HTTP request. 
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TI Internet-based system and method for tracking objects bearing 

URL-encoded bar code symbols 

AB A novel Web-based package routing, tracking, and delivering 

system and method that uses URL/ZIP-CODE encoded bar code symbols on 
parcels and packages. The system comprises one or more Routing, 

Tracking 

and Delivery (RTD) Internet Server Subsystems 
connected to the Internet infrastructure and updated at any 
instant of time with package tracking information. A Package Log 
-In/Shipping Subsystem is located at each shipping location and 
connected to the RTD Internet Server by way of the 

Internet infrastructure. A Package Routing Subsystem, is located 
at a hub station and connected to the RTD Internet 

Server by way of the Internet infrastructure. A 

Portable Package Delivery Subsystem is carried by each package delivery 
person, and connected to the RTD Internet Server by 



way of the Interne^nfrastructure communication lij^^ At each 

remote hub statioi^Bthin the system, the URL/ZIP-G^B encoded bar code 

symbol is automatically scanned by way of the Internet 

infrastructure; the encoded destination Zip Code is locally recovered 
and used to route the package at the hub station; and the locally 
recovered URL is used to access the RTD Internet 
Server and update the location of the package within the system. 
The Portable Package Delivery Subsystem is used to read the 
URL/ ZIP-CODE 

encoded bar code symbol near the delivery destination in order to 

access 

the RTD Internet Server and display delivery 

information and the like to facilitate the delivery process. 
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TI System, method and article of manufacture for virtual point of sale 

processing utilizing an extensible, flexible architecture 

AB Secure transmission of data is provided between a plurality of computer 

systems over a public communication system, such as the Internet 
. Secure transmission of data is provided from a customer computer 
system to a merchant computer system, and for the further secure 
transmission of payment information regarding a payment instrument from 
the merchant computer system to a payment gateway computer system. The 
payment gateway system evaluates the payment information and returns a 
level of authorization of credit via a secure transmission to the 
merchant which is communicated to the customer by the merchant. The 
merchant can then determine whether to accept the payment instrument 
tendered or deny credit and require another payment instrument. An 
architecture that provides support for additional message types that 

are 

not SET compliant is provided by a preferred embodiment of the 

invention. A server communicating bidirectionally with a 

gateway is disclosed. The server communicates to the gateway 

over a first communication link, over which all service requests are 

initiated by the server. The gateway uses a second 

communication link to send service signals to the server. In 

response to the service signals, the server initiates 

transactions to the gateway or presents information on an a display 

device . 
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TI System, method and article of manufacture for verifying the operation 

of 

a remote transaction clearance system utilizing a multichannel, 

extensible, flexible architecture 
AB An architecture for verifying the operation of a remote transaction 

clearance system is disclosed. A merchant-controlled computer 

communicates with a test gateway computer over a communications 
channel . 

The merchant-controlled computer transmits messages representing test 
transactions to the test gateway computer on the communications 
channel . 

The test gateway computer responds with simulated transaction 
responses. 

In another aspect of the invention, the transaction responses include 
configuration data that is used by the merchant-operated computer to 
configure itself to access a production gateway computer. 
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TI System for extending present open network communication protocols to 

communicate with non-standard I/O devices' directly coupled to an open 
network 



AB An open network s^j^m for supporting input/output J^tO) operations for 

non-standard I/O Aces are disclosed. The system ■■ludes a 
server coupled to a fxfurality of I/O devices through an open 
network and an extended open system protocol that supports 

communication 

with devices that are not personal computers (PCs) . These devices 
include magnetic stripe readers, check readers, smart card readers, 
credit card terminals, screen phone terminals, PIN pads, printers, and 
the like. The extended open network protocol includes tags which 
identify device and input operations and attributes which identify the 
location, data exchange method, and data variable names for the 
retrieval, acquisition, and submission of data between the 

server and I/O devices. Preferably, the open network protocol is 

implemented in a Hyper Text Transport Protocol (HTTP) . Preferably, the 
system includes a common gateway interface (CGI) at the server 
which converts protocol statements communicated between the 

server and I/O devices to application language statements for 
providing data to an application program coupled to the server 
. Most preferably, the application statements and protocol statements 
are constructed in integrated statements with an editor. The editor 
ensures that data identifiers in the application and protocol 
statements 

are compatible. The integrated statements are then parsed by the editor 
to segregate the protocol statements from the application statements. 
The protocol statements are downloaded in a file to a 
client program at an I/O device for processing. The application 

statements are stored in a file for use by the application. In this 
manner, generation of the files for client and application 
processing are automatically done without the user ensuring the 
correlation of the data fields in the two files. 

L12 ANSWER 19 OF 20 USPATFULL 

PI US 5732216 19980324 

TI Audio message exchange system 

AB An audio program and message distribution system in which a host system 

organizes and transmits program segments to client subscriber 
locations. The hose organizes the program segments by subject matter 

and 

creates scheduled programming in accordance with preferences associated 
with each subscriber. Program segments are associated with descriptive 
subject matter segments, and the subject matter segments may be used to 
generate both text and audio cataloging presentations to enable the 

user 

to more easily identify and select desirable programming. A playback 
unit at the subscriber location reproduces the program segments 
received 

from the host and includes mechanisms for interactively navigating 

among 

the program segments. A usage log is compiled to record the 
subscriber's use of the provided program materials, to return data to 
the host for billing, to adaptively modify the subscriber's preferences 
based on actual usage, and to send subscriber-generated comments and 
requests to the host for processing. Voice input and control mechanisms 
included in the player allow the user to perform hands-free navigation 
of the program materials and to dictate comments and messages which are 
returned to the host for retransmission to other subscribers. 
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TI System for electrically distributing personalized information 

AB An audio program and message distribution system in which a host system 

organizes and transmits program segments to client subscriber 
locations. The host organizes the program segments by subject matter 

and 

creates scheduled programming in accordance with preferences associated 



with each subscribJi^ Program segments are associal^j^with descriptive 
subject matter se^Bts, and the subject matter seg^Hts may be used to 
generate both text and audio cataloging presentations to enable the 

user 

to more easily identify and select desirable programming. A playback 
unit at the subscriber location reproduces the program segments 

received 

from the host and includes mechanisms for interactively navigating 

among 

the program segments. A usage log is compiled to record the 
subscriber's use of the provided program materials, to return data to 
the host for billing, to adaptively modify the subscriber's preferences 
based on actual usage, and to send subscriber-generated comments and 
requests to the host for processing. Voice input and control mechanisms 
included in the player allow the user to perform hands-free navigation 
of the program materials and to dictate comments and messages which are 
returned to the host for retransmission to other subscribers. The 
program segments sent to each subscriber may include advertising 
materials which the user can selectively play to obtain credits against 
the subscriber fee. Parallel audio and text transcript files for at 
least selected programming enable subject matter searching and 
synchronization of the audio and text files. Speech synthesis may be 
used to convert transcript files into audio format. Image files may 

also 

be transmitted from the server for synchronized playback with 
the audio programming. 
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